Later today, Facebook is widely predicted to announce a new email system for its 500 million users.

Some commentators, such as Craig Newmark of Craigslist fame, are already predicting that a Facebook email service will go further than being a Gmail-killer, and actually raises hopes of a spam-free future too.

Umm.. I think everybody needs to calm down a little. Because it’s time for a reality check.

Cybercriminals are compromising the accounts of Facebook users, and using their accounts to spread spam messages. It could be argued that using this method of spreading spam is more effective than traditional email spam, because users are more likely to open and trust a message which appears to have been sent by someone they know – one of their Facebook buddies.

So, just because you receive a message from a verified Facebook user who you have already connected with doesn’t mean that the email is kosher. All it means is that the Facebook account was used to send the spam.

More emphasis by Facebook on email could mean that the social network becomes even more attractive for spammers to abuse.

Others, including such luminaries as Bill Gates, have predicted the death of spam in the past. Hopefully others will learn to be a little more cautious with such predictions in future.

Don’t forget, cybercriminals are like a horde of hungry lions looking for their next meal. If they see a whole bunch of zebras (users) congregating in one place (Facebook) for a quick drink at the waterhole, don’t be surprised if they focus their attention there. Spam makes the bad guys money, so they’re going to carry on finding ways to send spam for as long as they can.

We’ll certainly be watching Facebook’s announcement later today about Fmail with interest, and will be keen to see what they have to say about email security.

Post navigation

About the author

Graham Cluley runs his own award-winning computer security blog at https://www.grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley